Issue related to HTTP Status 409 - Session timed out.| Need Urgent Reply
1,776 views
Skip to first unread message
abadhesh jha
Jul 1, 2009, 2:39:02 AM7/1/09
to atg_...@googlegroups.com
Hi,
i am facing one issue related to session timeout
Description
our application is running on atg2006.3+das6
now we are migrating it to ATG9.0 +jboss
On Jboss-
link are being generate by <dsp:a> tag
there is one link on home page when i click on that link it says
other links on same page is working fine
On DAS
same link is working fine
both URL being generated differently
URL generate on jboss
http://www.bangabjha1.sapient.com/broadway/reservations/flow1/corpCheckAvailability.jsp?_DARGS=/broadway/tiles/header.jsp_A&_DAV=false
URL on DAS
http://www.bangabjha1.sapient.com/broadway/reservations/flow1/corpCheckAvailability.jsp;JSESSIONID=some number?_DARGS=/broadway/tiles/header.jsp_A&_DAV=false
Note:-All links are being generated by <dsp:a> tag
on jboss server it saying
[DAFDropletEventServlet] Missing session confirmation number: Request URI: /broadway/reservations/flow1/corpCheckAvailability.jsp, Referer: http://bangabjha1/broadway/
--
Best Regards
Abadhesh
i am facing one issue related to session timeout
Description
our application is running on atg2006.3+das6
now we are migrating it to ATG9.0 +jboss
On Jboss-
link are being generate by <dsp:a> tag
there is one link on home page when i click on that link it says
HTTP Status 409 - Session timed out.
other links on same page is working fine
On DAS
same link is working fine
both URL being generated differently
URL generate on jboss
http://www.bangabjha1.sapient.com/broadway/reservations/flow1/corpCheckAvailability.jsp?_DARGS=/broadway/tiles/header.jsp_A&_DAV=false
URL on DAS
http://www.bangabjha1.sapient.com/broadway/reservations/flow1/corpCheckAvailability.jsp;JSESSIONID=some number?_DARGS=/broadway/tiles/header.jsp_A&_DAV=false
Note:-All links are being generated by <dsp:a> tag
on jboss server it saying
[DAFDropletEventServlet] Missing session confirmation number: Request URI: /broadway/reservations/flow1/corpCheckAvailability.jsp, Referer: http://bangabjha1/broadway/
--
Best Regards
Abadhesh
Kartikeya
Jul 1, 2009, 1:38:29 PM7/1/09
to atg_...@googlegroups.com
This is a known issue Abadhesh.
ATG 2006.3p4 and later, introduced a _dynSessConf parameter to all DSP
taglib and JHTML generated forms and property setting anchor tags.
This new parameter contains a session confirmation number, which is a
randomly generated long number associated with a session. When a
formhandler submit or property setting link request occurs the value
of the _dynSessConf parameter is checked against the current session's
session confirmation number. If _dynSessConf is missing or doesn't
match the confirmation number of the current session, a warning is
logged, and event processing may be skipped.
There are 2 ways to fix as far as I know
1. Delete all the OLD compiled JSPs and cached jars
2. Disable this functionality i.e. in atg/dynamo/Configuration set the
following properties
enforceSessionConfirmation=false
warnOnSessionConfirmationFailure=false
Hope that helps.
Thanks, Kartik
ATG 2006.3p4 and later, introduced a _dynSessConf parameter to all DSP
taglib and JHTML generated forms and property setting anchor tags.
This new parameter contains a session confirmation number, which is a
randomly generated long number associated with a session. When a
formhandler submit or property setting link request occurs the value
of the _dynSessConf parameter is checked against the current session's
session confirmation number. If _dynSessConf is missing or doesn't
match the confirmation number of the current session, a warning is
logged, and event processing may be skipped.
There are 2 ways to fix as far as I know
1. Delete all the OLD compiled JSPs and cached jars
2. Disable this functionality i.e. in atg/dynamo/Configuration set the
following properties
enforceSessionConfirmation=false
warnOnSessionConfirmationFailure=false
Hope that helps.
Thanks, Kartik
abadhesh jha
Jul 1, 2009, 3:35:34 PM7/1/09
to atg_...@googlegroups.com
Thanx Kartik...for you post
now all links are working fine..
--
Associate Technology L2 | Sapient
Bangalore 560066
Mobile: (0) 9886104616
E-mail: aj...@sapient.com
now all links are working fine..
Associate Technology L2 | Sapient
Bangalore 560066
Mobile: (0) 9886104616
E-mail: aj...@sapient.com
Jeremy Sears
Jul 1, 2009, 3:46:40 PM7/1/09
to atg_...@googlegroups.com
It's probably important to note that you don't want to disable this under normal circumstances. The session confirmation helps to prevent XSRF (cross-site request forgery) attacks. If you can, I'd recommend recompiling your pages as Kartikeya suggests.
--
Jeremy Sears
--
Jeremy Sears
Sridhar Gubba
Jul 2, 2009, 12:20:38 PM7/2/09
to atg_...@googlegroups.com
I also faced the same problem (409 Error) long back(ATG 2006.3p6). But option 2 worked for me , i.e.
Adding following properties to Configuration.properties:
enforceSessionConfirmation=false
warnOnSessionConfirmationFailure=false
warnOnSessionConfirmationFailure=false
--Sridhar
Reply all
Reply to author
Forward
0 new messages